Fight against spam part 1 – Postfix SPF

Sender Policy Framework (SPF) –  is a simple email-validation system designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain comes from a host authorized by that domain’s administrators. The list of authorized sending hosts for a domain is published in the Domain Name System (DNS) records for that domain in the form of a specially formatted TXT record.  – Wikipedia


I assume you have working postfix server already. Also I assume that you follow guide that have been posted here Postfix i Dovecot – perfect duo for mail server which use Debian/Ubuntu to achieve that.


Install needed package:

apt-get install postfix-policyd-spf-python

Default configuration that is present in package give us almost complete implementation we need to tweak it a bit to make it perfect:

#vim /etc/postfix-policyd-spf-python/policyd-spf.conf

#  For a fully commented sample config file see policyd-spf.conf.commented

debugLevel = 1
defaultSeedOnly = 1

HELO_reject = False
Mail_From_reject = False

PermError_reject = False
TempError_Defer = False

skip_addresses =,::ffff:,::1

Let postfix know that we use more anti-spam technics:

#vim /etc/postfix/

policy-spf_time_limit = 3600s

smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,check_policy_service unix:private/policy-spf
#vim /etc/postfix/

policy-spf  unix  -       n       n       -       -       spawn
     user=nobody argv=/usr/bin/policyd-spf

We need to restart postfix to make thise work

/etc/init.d/postfix restart



Rest post related to this topic:

Postfix i Dovecot – perfect duo for mail server

Fight against spam part 2 – Postfix DKIM

Fight against spam part 3 – Postfix DMARC

Fight against spam part 4 – Postfix SpamAssassin

Fight against spam part 5 – Dovecot Sieve


Leave a Reply

Your email address will not be published. Required fields are marked *